vga: stop passing pointers to vga_draw_line* functions
Instead pass around the address (aka offset into vga memory). Add vga_read_* helper functions which apply vbe_size_mask to the address, to make sure the address stays within the valid range, similar to the cirrus blitter fixes (commits ffaf857 and 026aeff).

Impact: DoS for privileged guest users. qemu crashes with a segfault, when hitting the guard page after vga memory allocation, while reading vga memory for display updates.

Fixes: CVE-2017-13672
Cc: P J P <email@example.com>
Reported-by: David Buchanan <firstname.lastname@example.org>
Signed-off-by: Gerd Hoffmann <email@example.com>
Message-id: firstname.lastname@example.org
Showing with 114 additions and 94 deletions.
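
A minimal model of the approach the commit message describes, added here as an illustration and not taken from the QEMU patch: the line renderer receives an offset instead of a pointer, and every read masks that offset to the buffer size. All `model_*` names and the 4 KiB buffer are assumptions; only `vbe_size_mask` is named on the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy model, not QEMU code: every name below is hypothetical. */
#define MODEL_VRAM_SIZE 4096u   /* must be a power of two for the mask to work */

struct model_vga {
    uint8_t  vram[MODEL_VRAM_SIZE];
    uint32_t size_mask;         /* MODEL_VRAM_SIZE - 1, plays the role of vbe_size_mask */
};

static void model_init(struct model_vga *s)
{
    for (uint32_t i = 0; i < MODEL_VRAM_SIZE; i++)
        s->vram[i] = (uint8_t)i;        /* constructed test pattern */
    s->size_mask = MODEL_VRAM_SIZE - 1;
}

/* Every access masks the guest-influenced address, so it cannot leave vram. */
static uint8_t model_read_byte(const struct model_vga *s, uint32_t addr)
{
    return s->vram[addr & s->size_mask];
}

/* Align down as well as mask, so all four bytes stay inside the buffer. */
static uint32_t model_read_dword(const struct model_vga *s, uint32_t addr)
{
    uint32_t off = addr & s->size_mask & ~3u;
    uint32_t v;
    memcpy(&v, &s->vram[off], sizeof(v));   /* host byte order, no pointer cast */
    return v;
}

/* Line renderer that receives an address, not a pointer into vram. */
static uint32_t model_draw_line8(const struct model_vga *s, uint8_t *dst,
                                 uint32_t addr, int width)
{
    for (int x = 0; x < width; x++)
        dst[x] = model_read_byte(s, addr + (uint32_t)x);
    return (addr + (uint32_t)width) & s->size_mask;   /* masked end offset */
}
```

A line that starts four bytes before the end of the buffer wraps to offset 0 instead of reading past the allocation, which is the property that keeps display updates away from the guard page.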